diff options
author | Tyler Hicks <tyhicks@linux.vnet.ibm.com> | 2011-07-26 19:47:08 -0500 |
---|---|---|
committer | Jonas ABERG <jonas.aberg@stericsson.com> | 2011-10-28 11:13:54 +0200 |
commit | f50f34c791deb53a14cf94acdccb8c44e1956f67 (patch) | |
tree | e39e54f144e82aef9fb17d12fc26723f54608037 /Documentation/security | |
parent | 0980bf907ce7d952aaba50436be93fded44a2da6 (diff) |
eCryptfs: Unlock keys needed by ecryptfsd
commit b2987a5e05ec7a1af7ca42e5d5349d7a22753031 upstream.
Fixes a regression caused by b5695d04634fa4ccca7dcbc05bb4a66522f02e0b
Kernel keyring keys containing eCryptfs authentication tokens should not
be write locked when calling out to ecryptfsd to wrap and unwrap file
encryption keys. The eCryptfs kernel code can not hold the key's write
lock because ecryptfsd needs to request the key after receiving such a
request from the kernel.
Without this fix, all file opens and creates will timeout and fail when
using the eCryptfs PKI infrastructure. This is not an issue when using
passphrase-based mount keys, which is the most widely deployed eCryptfs
configuration.
Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Acked-by: Roberto Sassu <roberto.sassu@polito.it>
Tested-by: Roberto Sassu <roberto.sassu@polito.it>
Tested-by: Alexis Hafner1 <haf@zurich.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Change-Id: I4b2027ee93cb3dd4f85994b8465d6919fc8f906a
Reviewed-on: http://gerrit.lud.stericsson.com/gerrit/35652
Tested-by: Per VAHLNE <per.xx.vahlne@stericsson.com>
Reviewed-by: Jonas ABERG <jonas.aberg@stericsson.com>
Diffstat (limited to 'Documentation/security')
0 files changed, 0 insertions, 0 deletions